Is the server your domain's authoritative Nameserver?

shutting off the 2nd name server changed nothing.  So yes it is the authoritative Nameserver.

I don't see a test for DKIM on mxtools, but here is the output from mail-tester.com  So I don't think anything sees a DKIM.

Your DNS modifications are still not applied
DomainKeys Identified Mail (DKIM) is a method for associating a domain name to an email message, thereby allowing a person, role, or organization to claim some responsibility for the message.

You recently modified your DNS, please do a new test in 12 hours.
Your old record:

Your future record:

;
;
connectiontimedout;
noserverscouldbereached

No, you need to generate new DKIMs for new domains. They are tied to the Domain realm-part of the the FROM Address. MxToolBox supports it, type it in the fashion: "txt:dkim._domainkey.domain.com" replacing domain.com with your domain. Looks like your server cannot be reached for DNS Queries, so that seems to be your current issue. "connectiontimedout;
noserverscouldbereached"
Maybe its as simple as a firewall issue, maybe not,.

If you want to add public DKIM key in Bind, you can copy the output of command "amavisd showkeys" to Bind config file directly.

The DKIM configurations are stored in conf.d/50-user
so follow the generation and the rest of the tutorial but use the above configuration file instead